FEDORA-2022-c539e66932

Packages in this update:

seamonkey-2.53.11-1.fc34

Update description:

Update to 2.53.11

Default version of Firefox for the User-Agent string has now been changed to 68.0 . This should provide better compatibility with modern sites. The value can be changed in Preferences–>Advanced–>HTTP Networking .

Besides that, an alternate site-specific override machanism is now activated. (The idea comes from Waterfox-Classic project). The file ua-update.json in the application dir is now additionally used for a list of overrides. You can copy it into your profile and edit if needed (be careful with format.) The “general.useragent.override.*” way continues to work and takes precedence. The new mechanism can be toggled by “general.useragent.updates.enabled” prefs (in about:config).

Read More

FEDORA-2022-5813fd753f

Packages in this update:

seamonkey-2.53.11-1.fc35

Update description:

Update to 2.53.11

Default version of Firefox for the User-Agent string has now been changed to 68.0 . This should provide better compatibility with modern sites. The value can be changed in Preferences–>Advanced–>HTTP Networking .

Besides that, an alternate site-specific override machanism is now activated. (The idea comes from Waterfox-Classic project). The file ua-update.json in the application dir is now additionally used for a list of overrides. You can copy it into your profile and edit if needed (be careful with format.) The “general.useragent.override.*” way continues to work and takes precedence. The new mechanism can be toggled by “general.useragent.updates.enabled” prefs (in about:config).

Read More

FEDORA-2022-609c83fc75

Packages in this update:

seamonkey-2.53.11-1.fc36

Update description:

Update to 2.53.11

Default version of Firefox for the User-Agent string has now been changed to 68.0 . This should provide better compatibility with modern sites. The value can be changed in Preferences–>Advanced–>HTTP Networking .

Besides that, an alternate site-specific override machanism is now activated. (The idea comes from Waterfox-Classic project). The file ua-update.json in the application dir is now additionally used for a list of overrides. You can copy it into your profile and edit if needed (be careful with format.) The “general.useragent.override.*” way continues to work and takes precedence. The new mechanism can be toggled by “general.useragent.updates.enabled” prefs (in about:config).

Read More

FEDORA-2022-8cc64f73d0

Packages in this update:

cyrus-sasl-2.1.27-9.fc34

Update description:

Security fix CVE-2022-24407 (#2057334)

Read More

FEDORA-2022-f9642fab70

Packages in this update:

cyrus-sasl-2.1.27-14.fc35

Update description:

Security fix for CVE-2022-24407 (#2057334)

Read More

FEDORA-2022-e33e824d37

Packages in this update:

cyrus-sasl-2.1.27-18.fc36

Update description:

Security fix CVE-2022-24407 (#2057334)

Read More

FEDORA-2022-3bbe89c20f

Packages in this update:

libreoffice-7.1.8.1-4.fc34

Update description:

CVE-2021-25636 Incorrect trust validation of signature with ambiguous KeyInfo children
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636

changing text color of list changes vertical spacing https://bugs.documentfoundation.org/show_bug.cgi?id=147166

Read More

FEDORA-FLATPAK-2022-b071b4e88e

Packages in this update:

firefox-stable-3520220222133031.1

Update description:

Update to latest upstream version

Read More

An out-of-bounds write was discovered in Thunderbird, which could
be triggered via a malformed email message.

Read More

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver
in the Linux kernel did not properly handle some error conditions. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2021-43976)

Wenqing Liu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate inode types while performing garbage
collection. An attacker could use this to construct a malicious f2fs image
that, when mounted and operated on, could cause a denial of service (system
crash). (CVE-2021-44879)

Samuel Page discovered that the Transparent Inter-Process Communication
(TIPC) protocol implementation in the Linux kernel contained a stack-based
buffer overflow. A remote attacker could use this to cause a denial of
service (system crash) for systems that have a TIPC bearer configured.
(CVE-2022-0435)

Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)

It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)

Read More